
Hackers hijacked legitimate Chrome extensions to try to steal data
In a worrying cybersecurity breach, hackers have inserted malicious code into multiple Chrome browser extensions in an attempt to steal sensitive user information. According to reports, the attack was carried out by inserting the malicious code into updates of popular extensions.
Cyberhaven, a company that specializes in data protection, was one of the affected parties. The company claims that it discovered the attack on December 25th and quickly removed the malicious code from its Cyberhaven data loss prevention extension. It has since released a clean update, version 24.10.5.
The malicious code is believed to be designed to steal browser cookies and authentication sessions, targeting specific social media advertising and AI platforms. This type of attack can lead to the theft of sensitive user information, such as login credentials and credit card details.
It is believed that a phishing email was used to gain access to Cyberhaven’s systems, allowing hackers to push the malicious update onto the company’s extension. The hackers also used this opportunity to install backdoors in the affected extensions, allowing them to maintain control over the compromised apps even after they have been updated.
The attack may not be limited to just Cyberhaven, as security researcher Jaime Blasco has discovered similar malicious code in other VPN and AI-related Chrome extensions. These include Internxt VPN, VPNCity, Uvoice, and ParrotTalks.
All users of the affected extensions are advised to check their logs for suspicious activity and to revoke or rotate any passwords that do not use the FIDO2 multifactor authentication standard. Cyberhaven has given its customers the same advice.
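As a starting point for that review, the Python below is an added example (not code from the article or from Cyberhaven) that inventories a Chrome profile's Extensions directory and flags the extensions named above, comparing any Cyberhaven install against the clean 24.10.5 release. It assumes the usual on-disk layout of Extensions/<id>/<version>/manifest.json and matches on display name because the article gives no extension IDs; the IDs, versions and names in demo() are constructed.

```python
import json
import tempfile
from pathlib import Path

# Names come from the article; matching on display name is an assumption
# of this example, since the article gives no extension IDs.
LISTED = ("cyberhaven", "internxt vpn", "vpncity", "uvoice", "parrottalks")
CLEAN = (24, 10, 5)  # clean Cyberhaven release named in the article

def display_name(ext_dir, manifest):
    """Resolve a localized "__MSG_key__" name through _locales."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        path = ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        try:
            msgs = json.loads(path.read_text("utf-8"))
        except (OSError, ValueError):
            return name
        for key, val in msgs.items():
            if key.lower() == name[6:-2].lower():
                return val.get("message", name)
    return name

def audit(root):
    """Return (id, name, version, finding) for extensions the article names."""
    out = []
    for mf in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text("utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip rather than abort the audit
        name, ver = display_name(mf.parent, manifest), manifest.get("version", "")
        if not any(n in name.lower() for n in LISTED):
            continue
        finding = "listed in article: review"
        if "cyberhaven" in name.lower():
            parts = tuple(int(p) for p in ver.split(".") if p.isdigit())
            finding = "at or after 24.10.5" if parts >= CLEAN else "older than 24.10.5: update"
        out.append((mf.parent.parent.name, name, ver, finding))
    return out

def demo():
    """Audit a constructed Extensions directory (IDs and versions are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, ver, name in [("a" * 32, "24.10.3", "__MSG_appName__"), ("b" * 32, "1.0.0", "VPNCity"), ("c" * 32, "2.0", "Unrelated")]:
            loc = Path(tmp) / ext_id / (ver + "_0") / "_locales" / "en"
            loc.mkdir(parents=True)
            (loc / "messages.json").write_text(json.dumps({"appName": {"message": "Cyberhaven (constructed)"}}))
            (loc.parent.parent / "manifest.json").write_text(json.dumps({"name": name, "version": ver, "default_locale": "en"}))
        return audit(tmp)
```

Point audit() at a real profile's Extensions directory, for example ~/.config/google-chrome/Default/Extensions on Linux.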
This attack serves as a reminder of the importance of being vigilant when it comes to online security. It is crucial that browser users are aware of the risks associated with downloading updates and installing new extensions, especially if they involve sensitive information.
Users are urged to keep their browsers updated and to regularly check for suspicious activity in their browser’s logs.
Source: www.theverge.com